EDU-262: Palo Alto Networks: Cortex XDR 3.0: Investigation and Response (EDU-262)

About this Course

Audience Profile

  • Cybersecurity analysts and engineers
  • Security operations specialists

At Course Completion

Successful completion of this instructor-led course with hands-on lab activities should enable the students to:

  • Investigate and manage incidents
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Work with Cortex XDR Pro actions such as remote script execution
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Create and manage Cortex XDR BIOC and IOC rules
  • Work with Cortex XDR assets and inventories
  • Write XQL queries to search datasets and visualize the result sets
  • Work with Cortex XDR’s external-data collection

Outline

  • 1 - Cortex XDR Incidents
  • 2 - Causality and Analytics Concepts
  • 3 - Causality Analysis of Alerts
  • 4 - Advanced Response Actions
  • 5 - Building Search Queries
  • 6 - Building XDR Rules
  • 7 - Cortex XDR Assets
  • 8 - Introduction to XQL
  • 9 - External Data Collection

Prerequisites

Participants must have completed the Cortex XDR: Prevention and Deployment (EDU 260) course.